[Resolved] popups

Hi, it's my first time here, so I hope you forgive me if I don't get it perfect. I have a problem with popups which I think are from a company called Zone Media. Having read through various posts and taken your advice, I have scanned with Kaspersky Online and HijackThis. Kaspersky told me I have a trojan @ E:\SystemVolumeInformation\_restore{4EECC999-OD3B-4E94-8F27-DOB463CEE37B}\RP35\AOOOO894.exe. I can't access this file & Kaspersky would not let me save the full report (there was no save as text button). I am including the HJT log file; I hope you can help.
Logfile of HijackThis v1.99.1
Scan saved at 16:59:47, on 11/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Prime95\prime95.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
e:\progra~1\intern~1\iexplore.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\BitLord\BitLord.exe
E:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [coal each boob soap] E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each\RULE 64.exe
O4 - HKLM\..\Run: [AntiSpywareBot] E:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "E:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [STManager] "E:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{934C8A38-94CE-4A14-A4DF-E1B3D687D777}: NameServer = 212.139.132.4 212.139.132.5
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Prime95 Service - Unknown owner - E:\Program Files\Prime95\prime95.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Comments

  • Rahina-Rescue Finland
    edited January 2007
    Hello noneckferret and welcome to short-media forums. Please give me some time to look over your log; I will post as soon as I can. :thumbsup:
  • Rahina-Rescue Finland
    edited January 2007
    Please download NoLop to your desktop.

    First close any other programs you have running, as this will require a reboot.
    Double-click NoLop.exe to run it.
    Now click the button labelled "Search and Destroy".

    <<Your computer will now be scanned for infected files>>

    When scanning is finished you will be prompted to reboot only if infected; click OK.
    Now click the "REBOOT" button.
    A message should pop up from NoLop. If not, double-click the program again and it will finish.

    Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

    If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder, then rerun the program.
  • edited January 2007
    Hi, I have done as suggested but I am still getting popups. Here are the new log files:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:24:45, on 12/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Prime95\prime95.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
    E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    e:\progra~1\intern~1\iexplore.exe
    E:\Program Files\BitLord\BitLord.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C48 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [coal each boob soap] E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each\RULE 64.exe
    O4 - HKLM\..\Run: [AntiSpywareBot] E:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PowerBar] "E:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [STManager] "E:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{934C8A38-94CE-4A14-A4DF-E1B3D687D777}: NameServer = 212.139.132.42 212.139.132.41
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Prime95 Service - Unknown owner - E:\Program Files\Prime95\prime95.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    NoLop! Log by Skate_Punk_21

    Fix running from: E:\Documents and Settings\ron\Desktop
    [12/01/2007]
    [13:19:29]

    ---Infection Files Found/Removed---
    E:\WINDOWS\tasks\F5EDA3EFD9D25507.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    E:\Documents and Settings\All Users\Application Data\Ahead
    E:\Documents and Settings\All Users\Application Data\Avg7
    E:\Documents and Settings\All Users\Application Data\Cyberlink
    E:\Documents and Settings\All Users\Application Data\Downloaded Installations
    E:\Documents and Settings\All Users\Application Data\Grisoft
    E:\Documents and Settings\All Users\Application Data\Microsoft
    E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each
    E:\Documents and Settings\All Users\Application Data\Quicktime
    E:\Documents and Settings\All Users\Application Data\Udl -- EMPTY Directory
    E:\Documents and Settings\All Users\Application Data\Yahoo!
    E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    E:\Documents and Settings\Default User\Application Data\Microsoft
    E:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
    E:\Documents and Settings\Localservice\Application Data\Microsoft
    E:\Documents and Settings\Networkservice\Application Data\Microsoft
    E:\Documents and Settings\Ron\Application Data\Adobe
    E:\Documents and Settings\Ron\Application Data\Ahead
    E:\Documents and Settings\Ron\Application Data\Arcsoft
    E:\Documents and Settings\Ron\Application Data\Avg7
    E:\Documents and Settings\Ron\Application Data\Bitgrabber
    E:\Documents and Settings\Ron\Application Data\Bittorrent
    E:\Documents and Settings\Ron\Application Data\Chindateeq
    E:\Documents and Settings\Ron\Application Data\Cyberlink
    E:\Documents and Settings\Ron\Application Data\Datalayer
    E:\Documents and Settings\Ron\Application Data\Divx
    E:\Documents and Settings\Ron\Application Data\Epson
    E:\Documents and Settings\Ron\Application Data\Help -- EMPTY Directory
    E:\Documents and Settings\Ron\Application Data\Identities
    E:\Documents and Settings\Ron\Application Data\Intertrust
    E:\Documents and Settings\Ron\Application Data\Macromedia
    E:\Documents and Settings\Ron\Application Data\Microsoft
    E:\Documents and Settings\Ron\Application Data\Nokia
    E:\Documents and Settings\Ron\Application Data\Nokia Multimedia Player
    E:\Documents and Settings\Ron\Application Data\Pc Suite
    E:\Documents and Settings\Ron\Application Data\Real
  • Rahina-Rescue Finland
    edited January 2007
    Hello there, I am sorry for the delay.

    Please follow my instructions and we will get your system cleaned up :thumbsup:

    You don't have a firewall installed.

    Please download one firewall from the list below:

    Open HijackThis and scan. When it finishes, put an X in the box next to the following item(s) and click Fix checked.

    O4 - HKLM\..\Run: [coal each boob soap] E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each\RULE 64.exe
    O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe




    Please search for the following folders and delete them if found.

    E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each
    E:\Documents and Settings\Ron\Application Data\Chindateeq



    Download ATF-Cleaner by Atribune to your desktop.

    Do not run it yet.

    Run ATF Cleaner. Under Main choose: Select All
    Click the Empty Selected button.

    If you use the Firefox browser, click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use the Opera browser, click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.





    Kaspersky On-line Scanner

    When you are prompted to install an ActiveX component from Kaspersky, Click Yes.

    The program will launch and then begin downloading the latest definition files
    When the files finish downloading click on NEXT
    Now click on Scan Settings
    In Scan Settings make sure that the following are selected:
    Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)

    Scan Options:

    Scan Archives
    Scan Mail Bases


    Click OK

    Now under select a target to scan:
    Select My Computer
    This program will start and scan your system.
    Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
    When the scan has completed, it will display whether your system has been infected or not
    Click on the Save as Text button:
    Save the file to your desktop or another folder where you can locate it later.
    Attach this file to your next message.

    Please post a fresh HJT log & Kaspersky report.
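
Added example, not part of the thread or of any tool named in it: both entries the helper asks to fix start an executable from an Application Data folder, one of them written in 8.3 short form (APPLIC~1). The Python sketch below parses O4 lines from a HijackThis log, flags autoruns under Application Data, and compares a before and after log to list flagged entries that survived a fix; the function names and the Application Data heuristic are assumptions of this example, and the sample lines are excerpts from the logs in this thread.

```python
import re

# HijackThis O4 registry autorun line:
#   O4 - HKLM\..\Run: [value name] command line
# "O4 - Global Startup: ..." lines have a different shape and are skipped.
O4_LINE = re.compile(
    r'^\s*O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+?)\s*$'
)
# 8.3 short form of "Application Data", as in ...\APPLIC~1\...
SHORT_APPDATA = re.compile(r'applic~\d+')


def parse_o4(log_text):
    """Return {(hive, value name): command line} for each O4 Run-style entry."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_LINE.match(line)
        if m:
            entries[(m['hive'], m['name'])] = m['cmd']
    return entries


def in_appdata(cmd):
    """Heuristic (assumption of this example): True when a directory component
    of the command line is 'Application Data' or its 8.3 short name.
    The last component (executable plus arguments) is ignored; arguments that
    themselves contain backslashes would be treated as path components."""
    dirs = cmd.lstrip('"').lower().split('\\')[:-1]
    return any(d == 'application data' or SHORT_APPDATA.fullmatch(d) is not None
               for d in dirs)


def flagged(log_text):
    """Sorted (hive, value name) keys of autoruns launched from Application Data."""
    return sorted(k for k, cmd in parse_o4(log_text).items() if in_appdata(cmd))


def surviving(before_log, after_log):
    """Flagged entries of the earlier log that are still present in the later one."""
    after_entries = parse_o4(after_log)
    return [k for k in flagged(before_log) if k in after_entries]


# Excerpt of the O4 section posted before the fix (lines taken from the thread).
BEFORE = r"""
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [coal each boob soap] E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each\RULE 64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Excerpt of the O4 section from the 17:50:50 log posted after the fix.
AFTER = r"""
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Comodo Firewall] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe
"""

if __name__ == "__main__":
    print("flagged before fix:", flagged(BEFORE))
    print("still present after fix:", surviving(BEFORE, AFTER))
```

An entry that survives a "Fix checked" pass, as [setupbold] does here, usually means something re-created it or the fix did not take, which is why the comparison is made on the fresh log rather than assumed.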
  • edited January 2007
    Thanks for the help. I promise to make a donation as soon as my finances recover from Xmas.
    Obj Glue Coal Each will not delete from docs & settings.
    Here are the logs:
    KASPERSKY ONLINE SCANNER REPORT
    Friday, January 12, 2007 5:43:43 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 12/01/2007
    Kaspersky Anti-Virus database records: 258034

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 35338
    Number of viruses found: 2
    Number of infected objects: 3 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:28:08

    Infected Object Name / Virus Name / Last Action
    E:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    E:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    E:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each\RULE 64.exe Infected: not-a-virus:AdWare.Win32.Lop.bi skipped
    E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    E:\Documents and Settings\ron\Cookies\index.dat Object is locked skipped
    E:\Documents and Settings\ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    E:\Documents and Settings\ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    E:\Documents and Settings\ron\Local Settings\History\History.IE5\index.dat Object is locked skipped
    E:\Documents and Settings\ron\Local Settings\History\History.IE5\MSHist012007011220070113\index.dat Object is locked skipped
    E:\Documents and Settings\ron\Local Settings\Temp\~DF787A.tmp Object is locked skipped
    E:\Documents and Settings\ron\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    E:\Documents and Settings\ron\NTUSER.DAT Object is locked skipped
    E:\Documents and Settings\ron\ntuser.dat.LOG Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    E:\System Volume Information\_restore{4EECC999-0D3B-4E94-8F27-D0B463CEE37B}\RP35\A0000894.exe Infected: Trojan.Win32.Obfuscated.bf skipped
    E:\System Volume Information\_restore{4EECC999-0D3B-4E94-8F27-D0B463CEE37B}\RP52\A0006156.exe Infected: not-a-virus:AdWare.Win32.Lop.bi skipped
    E:\System Volume Information\_restore{4EECC999-0D3B-4E94-8F27-D0B463CEE37B}\RP52\change.log Object is locked skipped
    E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    E:\WINDOWS\SchedLgU.Txt Object is locked skipped
    E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    E:\WINDOWS\system32\config\default Object is locked skipped
    E:\WINDOWS\system32\config\default.LOG Object is locked skipped
    E:\WINDOWS\system32\config\SAM Object is locked skipped
    E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    E:\WINDOWS\system32\config\SECURITY Object is locked skipped
    E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    E:\WINDOWS\system32\config\software Object is locked skipped
    E:\WINDOWS\system32\config\software.LOG Object is locked skipped
    E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    E:\WINDOWS\system32\config\system Object is locked skipped
    E:\WINDOWS\system32\config\system.LOG Object is locked skipped
    E:\WINDOWS\system32\h323log.txt Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    E:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    Logfile of HijackThis v1.99.1
    Scan saved at 17:50:50, on 12/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Comodo\Firewall\cmdagent.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Prime95\prime95.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
    E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    E:\Program Files\Comodo\Firewall\CPF.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
    E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    E:\WINDOWS\System32\alg.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
    E:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C48 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [AntiSpywareBot] E:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [Comodo Firewall] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PowerBar] "E:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [STManager] "E:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{934C8A38-94CE-4A14-A4DF-E1B3D687D777}: NameServer = 212.139.132.41 212.139.132.42
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Prime95 Service - Unknown owner - E:\Program Files\Prime95\prime95.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • Rahina-Rescue Finland
    edited January 2007
    Thank you! Let's continue cleaning. Please print these instructions so they will be available to you while working in safe mode.


    Next, please reboot your computer in Safe Mode by doing the following:


    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, a menu with options should appear;
    Select the first option, to run Windows in Safe Mode, then press "Enter".
    Choose your usual account.


    Open HijackThis and scan. When it finishes, put an X in the box next to the following item and click Fix checked.


    O4 - HKCU\..\Run: [setupbold] E:\DOCUME~1\ron\APPLIC~1\CHINDA~1\settings balm free.exe



    Search for the following folders and delete them (if present).

    E:\Documents and Settings\Ron\Application Data\Chindateeq
    E:\Documents and Settings\All Users\Application Data\Obj Glue Coal Each

    Please post a fresh HJT log.
  • edited January 2007
    Hello again. The good news is the popups have stopped and I have deleted the two folders, but I had to do this in normal mode as the F8 key brought up a boot device priority box! Anyway, they seem to be gone. The only thing I'm concerned about now is the Kaspersky report, which found two trojans and three infected items. The firewall you recommended blocked so much that I've uninstalled it for now, but I will give it another go when I've got more time to figure out the settings.
    Here is the HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:21:01, on 13/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\Program Files\Prime95\prime95.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
    E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    E:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    E:\Program Files\BitLord\BitLord.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C48 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [AntiSpywareBot] E:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{934C8A38-94CE-4A14-A4DF-E1B3D687D777}: NameServer = 212.139.132.42 212.139.132.41
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Prime95 Service - Unknown owner - E:\Program Files\Prime95\prime95.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • Rahina-Rescue Finland
    edited January 2007
    Try this firewall:

    Outpost Personal Firewall


    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

    Turn off System Restore.

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn ON System Restore.

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Uncheck Turn off System Restore.
    Click Apply, and then click OK.
    Click Create a Restore Point, and then click Next.
    Name your restore point.



    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure

    Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

    Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.

    Use CCleaner
    It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space.

    Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.

    Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.

    Use Firefox browser
    Firefox is a faster, safer and better browser than Internet Explorer.

    Keep your system up-to-date
    Visit Windows Update regularly.

    Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.

    Safe surfing
  • Rahina-Rescue Finland
    edited January 2007
    Since this issue appears resolved, this topic is closed. Glad we could help.

    If you need this topic reopened, please request this by sending the moderating team
    a PM, with the address of the thread. This applies only to the original topic starter.

    Everyone else please begin a New Topic.
This discussion has been closed.